Mahendra Ramsinghani Crunch Network Contributor
Mahendra Ramsinghani is the founder of Secure Octane, a Silicon Valley-based cybersecurity seed fund.
Security is one of the few tech sectors that thrives primarily thanks to the cruel intentions of bad actors. White hats and black hats exist symbiotically. Without the criminal element to create demand, CISOs would just hang up their spurs and call it a day.
While the tension between adversaries is a necessary function of the security industry, and spurs innovation, 2016 was an especially brutal year for the good guys.
So let’s begin 2017 with a sense of gratitude, because at least 2016 is behind us. Having seen the best that black hats have thrown at our collective networks last year, now is the time for the white hats to respond.
From meddling with elections to the IoT bot DDoS attacks, we experienced pain, but I believe we are entering a golden age of security automation and resilience.
Security is still hot
This market is Yuge
Gartner estimates that the security market size will be $120bn by 2020. In my While last year’s predictions for the market were significantly higher ($170 billion vs. $120 billion), the size of the industry is vast. A few unicorns can still range across the market without poking horns into each other’s eyes.
And look at the services portion of the market pie: it’s $55 billion ― big, getting bigger. If you are a security startup and think it’s all about auto-magical products, think again. Forget that VC mantra of all product and no service ― listen to your customer. Managed security service providers are growing at triple-digit rates. Even though it’s somewhat annoying, a self-congratulatory pat on the back is necessary here: we called this “need for security services” last year.
The incumbents need help
All the major security companies (Symantec, Cisco, HP, Juniper) cannot move fast enough. Partnerships and acquisitions are the way.
As of November 2016, Momentum Partners tracked over 120 mergers and acquisitions transactions worth over $17 billion. Symantec acquired Blue Coat for $4.7bn and LifeLock for another $2.3bn. At Blue Coat, Greg Clark and Mike Fey grew by acquisitions. They are now leading Symantec, so expect more acquisitions. And partnerships. Cisco completed its twelfth security acquisition, Cloudlock, this year. Oracle acquired CASB Palerra and DNS provider Dyn. And HP, Juniper, and Microsoft are likely to get on the prowl soon.
VC Investments cross $4bn
In 2016, VC investments crossed $4 billion. At least three venture capital funds are dedicated largely to security: Trident Cyber Security, Allegis Capital and TenEleven Ventures. When we cut the investment data (sourced from Pitchbook & Momentum Partners) by number of deals done, this market is flattening.
The number and size of later-stage investments and rounds continue to grow, as do their valuations. For entrepreneurs the message is clear ― investors will fund your growth, not your PowerPoint slideware. Seed-stage valuations are lower, which is good for seed-stage investors like me.
But the counterpoint is that I also see a lot of noise, me-toos and junk. Tracking some 1200 companies, these sub-sectors are obviously overheated. Put differently, over $20bn has been invested in 1700+ security companies since 2010. By any estimate, less than 10% are profitable. And while we have a few unicorns, we have yet to see meaningful exits.
[Table: Capital invested since 2010 ($bn) and number of companies, by sub-sector. Rows: Security & Vulnerability Management; Web and App Security; Identity & Access (83).]
May God bless America… and my CISO
Religious overtones aside, it’s time we put the spotlight on the soldiers of the digital age. It will be some time before we start giving out Congressional medals of honor to CISOs, the silent majority who protect our data every day. In the meantime, take a minute to empathise with their condition.
A typical CISO has to deal with at least twenty-five different technology solutions to identify, protect, detect, respond and remediate their assets. And the range of assets includes applications, data, endpoints, networks and identity. Stuart McClure, CEO of Cylance, pointed out that CISOs are often the fall guys when things go wrong. Their role has been relegated to that of a Chief Apology Officer. The C-suite / board needs to understand that a CISO is the soldier on the front lines. They need to be respected, honored and protected, sometimes from their own management’s hubris. And when they are done with protection, the sales guys never stop.
2017: The Age of Resilience
As we look at 2017, it’s evident that the CISO has moved from “we will be hacked someday” to “we are already compromised” to “give me that disaster recovery solution NOW.” It doesn’t get any worse. The mindset has moved precipitously towards hot backups in the age of ransomware and DDoS. This is leading to new opportunities such as splinternet, where new companies will create tightly controlled overlay networks. Networks and security are no longer separate conversations and this trend will create a whole new set of opport